On Dec 23, 2007, at 8:05 PM, Maurice Smiley wrote:
One possible reason is that if you have guest access turned on for the share, 10.5 will connect as a guest instead of trying to generate a ticket.
On Dec 23, 2007, at 4:56 PM, Andrew Jones wrote:
When a 10.4 client uses the icon in the finder sidebar to connect to my server it creates a Kerberos ticket for apfserver and allows future logins for other applications to use that ticket. 10.5 clients however do not generate a Kerberos ticket if the client uses the server icon under Shared in the finder sidebar. The Kerberos ticket also doesn't get generated if the 10.5 user uses Connect to Server and then Browse. The only time an AFP connection generates a Kerberos ticket is if the user selects Connect to Server and then types in the IP address or bonjour name or host name of the server. Why is this? How can I get 10.5 clients to obtain a Kerberos ticket without having to use Connect to Server or the Kerberos application in /Library/CoreServices/? Is it possible to make it work like it does for users on 10.4?
I believe I have a similar - if not the same - problem. Let me see if I can find my description from another post so I don't have to re-type everything...
Copied from a post on Ars Technica:
I can't seem to get - either via the new servers sidebar, or with Cmd-K - a kerb ticket for an AFP share from my OS X server.
In 10.4 I could hit Cmd-K and choose my server and if I didn't already have a TGT it would pop up the kerb dialog box and I could put in my password and all would be well. Here in 10.5 land if I already have a TGT everything works as expected, but if AFP is the first kerb service I try to use I can't seem to make it pop up the box. I just get the standard password box instead.
Sounds about right.
--
Thanks,
David
321.961.5281
